SUSE Security Announcement: apache2 (SUSE-SA:2004:030)
2004-09-06 krahmer suse de (Sebastian Krahmer)

OpenCA Security Advisory: Cross Site Scripting vulnerability
2004-09-06 Martin Bartosch (martin bartosch gmx de)
OpenCA Security Advisory: Cross Site Scripting vulnerability
Authors
Martin Bartosch <mb-bugtraq (at) cynops (dot) de>
Michael Bell <michael.bell (at) cms.hu-berlin (dot) de>
2004-09-01 Initial revision
2004-09-06 Public release
Summary
-------
The OpenCA Project is a collaborative effort to develop a robust,

Cross-Site Scripting Vulnerability in Newtelligence DasBlog
2004-09-01 Dominick Baier (seclists leastprivilege com)
ERNW Security Advisory
Cross-Site Scripting Vulnerability in Newtelligence DasBlog
Author: Dominick Baier <dbaier (at) ernw (dot) de>
1. Summary: A XSS (Cross-Site-Scripting) Vulnerability in DasBlog's Event and Activity Viewer allows to inject and execute code on the client's machine. This allows an attac

Patch available for multiple critical flaws in Oracle
2004-08-31 NGSSoftware Insight Security Research (nisr nextgenss com)
Researchers at NGSSoftware have discovered multiple critical vulnerabilities in Oracle Database Server and Oracle Application Server.
Versions affected include
Oracle Database 10g Release 1 Version 10.1.0.2
Oracle9i Database Server Release 2, versions 9.2.0.4 and 9.2.0.5
Oracle9i Database Server

[ GLSA 200409-08 ] Ruby: CGI::Session creates files insecurely
2004-09-03 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[XSS] PHP-Nuke 7.4 DelAdmin Bug
2004-09-04 Pierquinto Manco (mantra ntj it)
CODEBUG Labs
Advisory #2
Title: DelAdmin Bug
Author: Pierquinto 'Mantra' Manco
Product: PHP-Nuke 7.4
Type: XSS
Web: http://www.mantralab.org

[XSS] PHP-Nuke 7.4 ViewAdmin Bug
2004-09-04 Pierquinto Manco (mantra ntj it)
CODEBUG Labs
Advisory #3
Title: ViewAdmin Bug
Author: Pierquinto 'Mantra' Manco
Product: PHP-Nuke 7.4
Type: XSS
Web: http://www.mantralab.org

Engenio/LSI Logic controllers denial of service/data corruption
2004-09-04 Jedi/Sector One (j pureftpd org)
Product : Engenio/LSI Logic storage controllers, including:
- Storagetek D280 (verified),
- IBM FastT 100 (verified),
- Probably all other Storagetek and IBM FastT storage controllers since the software part is almost identical,
- Maybe some SGI and Teradata storage controllers (unverified),
-

FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities
2004-09-04 Thor Larholm (thor pivx com)
This is a post forwarded from the Unpatched mailing list ( http://www.pivx.com/pivxlabsUnpatched.asp ), a mailing list that receives advance notification of any security research from PivX Labs.
Cheers
Thor
________________________________
From: Thor Larholm
To: unpatched (at) pivxlabs (dot) com
Subject:

[ GLSA 200409-07 ] xv: Buffer overflows in image handling
2004-09-03 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Dynalink routers backdoor?
2004-09-03 fabio (ctrlaltca libero it)
I was playing with a Dynalink RTA 230 (http://www.dynalink.co.nz/products/rta230.htm), a linux based mips-cored adsl router. Looking at embedded linux system, i've found something like a backdoor:
# cat /etc/passwd
admin:xxxxx(obscured)xxxxx:0:0:Administrator:/:/bin/sh
userNotUsed:YNf8oSCwK/0/

[XSS] PHP-Nuke 7.4 Remote Privilege Escalation
2004-09-03 Pierquinto Manco (mantra ntj it)
CODEBUG Labs
Advisory #1
Title: AddAdmin Bug
Author: Pierquinto 'Mantra' Manco
Product: PHP-Nuke 7.4
Type: XSS
Web: http://www.mantralab.org [ITALIAN SITE]

UPDATE: [ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities
2004-09-03 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Open Source Vulnerability Database Opens Vendor Dictionary
2004-09-02 Jake (jkouns opensecurityfoundation org)
Open Source Vulnerability Database Opens Vendor Dictionary
The Open Source Vulnerability Database, a project to catalog and describe the world's security vulnerabilities, has expanded its offering and opened a vendor dictionary that serves as a centralized resource for vendor contact information fo

Kerio Personal Firewall's Application Launch Protection Can Be Disabled by Direct Service Table Restoration
2004-09-02 Jérôme ATHIAS (jerome athias caramail com)
by Tan Chew Keong
Release Date: 02 Sep 2004
Summary
Kerio Personal Firewall 4 (KPF4) is a state-of-the-art personal firewall that helps users restrict how their computers exchange data with other computers on the Internet or local network. KPF has an Application Security feature that allows

Patch available for IBM DB2 Universal Database flaws
2004-09-01 NGSSoftware Insight Security Research (nisr nextgenss com)
Researchers at NGSSoftware have discovered multiple critical/high risk vulnerabilities in IBM's DB2 Universal Database.
Versions affected include
DB2 8.1 Fixpak 6 and earlier
DB2 7.x Fixpak 11 and earlier
Two of the issues, remotely exploitable buffer overflows, have been fixed in Fixpak 7 for D

[ GLSA 200409-04 ] Squid: Denial of service when using NTLM authentication
2004-09-02 Thierry Carrez (koon gentoo org)

[ GLSA 200409-05 ] Gallery: Arbitrary command execution
2004-09-02 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code
2004-09-02 Jérôme ATHIAS (jerome athias caramail com)
Date: Wed, 1 Sep 2004 07:31:24 -0400
Subject: http://www.winzip.com/wz90sr1.htm
WinZip reported discovering some vulnerabilities, including potential buffer overflows, during an internal review of the WinZip code. In addition, a WinZip user discovered a buffer overflow, where a local u

[SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server
2004-09-02 SHATTER (Application Security, Inc.) (vrathod appsecinc com)
AppSecInc Advisory: Multiple vulnerabilities in Oracle Database Server
Date: August 31, 2004
Detailed Information Provided Online At: http://www.appsecinc.com/resources/alerts/oracle/2004-0001/
Credit: These vulnerabilities were researched and discovered by Cesar Cerrudo and Esteban Martinez Fay

[ GLSA 200409-06 ] eGroupWare: Multiple XSS vulnerabilities
2004-09-02 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200409-03 ] Python 2.2: Buffer overflow in getaddrinfo()
2004-09-02 Thierry Carrez (koon gentoo org)
date: 06.09.2004
author: l0om - l0om [at] excluded d0t org - www.excluded.org
product: serverview
problem: insecure file permissions
version: 3.0???
serverview is a server management product from fujitsu siemens
which is shipped with every PRIMERGY server.
it is based on snmp and let you